New rules released
Version 0.35 - 2014.01.28
- CVE-2013-7187
- False positives fixed:
Joomla
WHMCS
Silverstripe CMS
Wordpress
IP Board
and others
good job guys!
New rules released
Version 0.36 - 2014.02.04
- CVE-2013-7002
- categories support
- small fixes
With the new rules update I’ve seen the PCRE error appear again 
Rule 7f0a958 [id “220020”][file “/var/cpanel/cwaf/rules/cwaf_05.conf”][line “56”] - Execution error - PCRE limits exceeded (-8): (null).
Reverting the rules back to previous version stops the PCRE errors
Note on reverting back to previous rules and restarting httpd cause apache to fail to start no matter what was tried. Uninstalling CWAF resolved the problem and apache restarted. Going to reload & see what happens with new version & rules…
edit
Reinstalled complete new version, and now the PCRE errors have disappeared again
Reinstalled complete new version, and now the PCRE errors have disappeared again
Me too 
EDIT: I had not updated the rules, the problem still persists: (
New rules released
Version 0.37 - 2014.02.11
- CVE-2012-6621
- CVE-2014-1206
- CVE-2014-1683
- CVE-2014-1610
New rules released
Version 0.38 - 2014.02.18
- CVE-2014-1619
- CVE-2014-0793
- CVE-2014-0794
New rules released
Version 0.39 - 2014.02.25
- CVE-2014-0010
- CVE-2013-1852
- CVE-2012-6628
Version 0.40 - 2014.02.26
- CVE-2012-6628 hotfix
Version 0.41 - 2014.03.04
- CVE-2013-1466
- CVE-2013-3933
- CVE-2013-3639
Version 0.42 - 2014.03.11
- CVE-2014-1914
- CVE-2013-7319
- CVE-2013-7326
Version 0.43 - 2014.03.12
- CVE-2012-6628 hotfix
Version 0.44 - 2014.03.18
- CVE-2013-5983
- CVE-2014-1403
Version 0.45 - 2014.03.25
- CVE-2014-1401
- CVE-2014-1459
- CVE-2012-6625
- CVE-2012-6622
- CVE-2012-6623
Version 0.46 - 2014.04.01
- CVE-2012-6624
- CVE-2014-1879
Version 0.47 - 2014.04.08
- CVE-2014-1915
Version 0.48 - 2014.04.15
- CVE-2014-1907
- CVE-2013-1759
- CVE-2013-3478
- CVE-2013-5953
Version 1.00-1.03 - 2014-04-29
- Completely new rules set
Version 1.04-1.08 - 2014-05-06
- False positives fixed
Version 1.09 - 2014-05-12
- CVE-2013-7334
- CVE-2014-1945
- False positives fixed
Version 1.10 - 2014-05-20
- CVE-2014-2088
- CVE-2014-2089
- CVE-2014-2090
- False positives fixed
Version 1.11 - 2014.05.27
- CVE-2013-1409
- CVE-2013-5952
- CVE-2014-2219
- CVE-2014-2091
- False positives fixed
Version 1.12 - 2014.06.03
- CVE-2014-1944
- CVE-2013-3961
- CVE-2014-0334
- False positives fixed
Version 1.13 - 2014.06.12
- CVE-2014-2316
- CVE-2014-2092
- CVE-2014-3246
- Bruteforce protection (disabled by default)
- User defined white list of User-Agents
- False positives fixed
Version 1.14 - 2014.07.02
- CVE-2014-3246
- CVE-2014-3247
- CVE-2014-2040
- CVE-2014-1906
- CVE-2013-1758
- CVE-2014-2317
- CVE-2014-2315
- CVE-2013-2754
- Bruteforce protection
- Userdata whitelists
Version 1.15 - 2014.07.23
- CVE-2013-5955
- CVE-2014-2280
- CVE-2014-1840
- CVE-2014-2211
- CVE-2014-2024
- CVE-2014-1877
- CVE-2012-1563
- CVE-2014-2245
Version 1.16 - 2014.07.29
- Bruteforce protection update
- CVE-2013-0734
Version 1.17 - 2014.08.19
- CVE-2013-5640
- CVE-2013-5639
- CVE-2013-2695
- CVE-2013-2694
- CVE-2013-2559
- CVE-2014-1401 updated
- XML quadratic blowup attack
- userdata_bl_agents
Version 1.18 - 2014.09.10
- Removed few XSS FPs
- Performance optimization
- Slowloris HTTP protection
- CVE-2014-5266
- CVE-2013-7346
- CVE-2013-4430
- CVE-2014-3123
- CVE-2014-3783
- CVE-2012-6644
- CVE-2012-6642
- CVE-2012-6643
- userdata_login_pages
- Joomla extra rule
Version 1.19 - 2014.10.01
- CVE-2014-2708
- CVE-2014-2579
- CVE-2014-2340
- CVE-2014-3845
- CVE-2013-2107
- CVE-2013-2705
- CVE-2013-2700
- CVE-2014-3870
- CVE-2013-7375
- CVE-2014-1613
Version 1.20 - 2014.10.21
- CVE-2014-3843
- CVE-2014-3210
- CVE-2014-4513
- CVE-2014-4515
- CVE-2014-4518
Shellshock: - CVE-2014-6271
- CVE-2014-6277
- CVE-2014-6278
- CVE-2014-7169
- CVE-2014-7186
- СVE-2014-7187
Version 1.21 - 2014.11.12
- CVE-2013-4380
- CVE-2014-3453
- CVE-2013-1803
- CVE-2014-4194
- CVE-2014-4195
- CVE-2014-4520
- CVE-2014-5108
- Extra Joomla protection rule
- Extra Wordpress protection rule
Version 1.23 - 2014.12.29
This version contains new improved structure of categories and rules groups.
All current excludes will be automatically migrated to the new structure during update.
This rule set required client version 2.1.1 and higher.
Version 1.22 - 2014.12.29
- CVE-2014-4853
- CVE-2014-3992
- CVE-2014-3991
- CVE-2014-4528
- CVE-2013-1407
- CVE-2014-2558
- CVE-2012-4915
- CVE-2014-3921
- CVE-2014-4846
- CVE-2014-4847
- CVE-2014-4848
- CVE-2014-4938
- CVE-2014-4541
- CVE-2014-3777
- CVE-2014-3920
- CVE-2014-4955
- CVE-2014-4531
- CVE-2014-4532
- CVE-2014-4854
- CVE-2014-4845
- CVE-2014-4937
- CVE-2014-4850
- CVE-2014-3544
- CVE-2014-3549
- CVE-2014-4568
- CVE-2014-4589
- CVE-2014-4960
- Fixed WHMCS falses
- some performance modifications
Version 1.24 - 2015.01.29
- CVE-2014-4687
- CVE-2014-4688
- CVE-2014-4689
- CVE-2014-5115
- CVE-2014-4852
- CVE-2014-4533
- CVE-2014-4552
- CVE-2014-4554
- CVE-2014-4555
- CVE-2014-4556
- CVE-2014-4557
- CVE-2014-4563
- CVE-2014-4564
- CVE-2014-4565
- CVE-2014-4566
- CVE-2014-4594
- CVE-2014-4595
- CVE-2014-4596
- CVE-2014-5183
- CVE-2014-5184
- CVE-2014-5187
- CVE-2014-5194
- CVE-2014-5186
- CVE-2014-4575
- CVE-2014-4584
- CVE-2014-4585
- CVE-2014-4587
- CVE-2014-4604
- CVE-2014-4605
- CVE-2014-4606
- CVE-2014-4939
- CVE-2014-4940
- CVE-2014-4941
- CVE-2014-5180
- CVE-2014-5190
- CVE-2014-5196
- CVE-2014-5022
- CVE-2014-5181
- CVE-2014-5182
- CVE-2014-5193
- CVE-2014-5199
- CVE-2014-5201
- CVE-2014-5202
- Extra WHMCS protection rule
- Extra Wordpress protection rule
Rules for Apache: version 1.25 - 2015.02.25
- CVE-2013-3727 [SQLi] Kasseler CMS
- CVE-2013-3728 [XSS] Kasseler CMS
- CVE-2014-1222 [Dir.Traversal] Vtiger CRM before 6.0.0 Security patch 1
- CVE-2014-4002 [XSS] Cacti 0.8.8b
- CVE-2014-4524 [XSS] WP Easy Post Types plugin before 1.4.4 for WordPress
- CVE-2014-4526 [XSS] efence plugin 1.3.2 and earlier for WordPress
- CVE-2014-4527 [XSS] EnvialoSimple: Email Marketing and Newsletters plugin before 1.98 for WordPress
- CVE-2014-4534 [XSS] HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress
- CVE-2014-4537 [XSS] Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress
- CVE-2014-4538 [XSS] Malware Finder plugin 1.1 and earlier for WordPress
- CVE-2014-4549 [XSS] WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress
- CVE-2014-4560 [XSS] ToolPage plugin 1.6.1 and earlier for WordPress
- CVE-2014-4574 [XSS] WebEngage plugin before 2.0.1 for WordPress
- CVE-2014-4581 [XSS] WPCB plugin 2.4.8 and earlier for WordPress
- CVE-2014-4582 [XSS] WP Consultant plugin 1.0 and earlier for WordPress
- CVE-2014-4583 [XSS] WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress
- CVE-2014-4586 [XSS] wp-football plugin 1.1 and earlier for WordPress
- CVE-2014-4591 [XSS] WP-Picasa-Image plugin 1.0 and earlier for WordPress
- CVE-2014-4593 [XSS] WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress
- CVE-2014-4942 [Information] The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress
- CVE-2014-4944 [SQLi] BSK PDF Manager plugin 1.3.2 for WordPress
- CVE-2014-4600 [XSS] WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress
- CVE-2014-4601 [XSS] Wu-Rating plugin 1.0 12319 and earlier for WordPress
- CVE-2014-4602 [XSS] XEN Carousel plugin 0.12.2 and earlier for WordPress
- CVE-2014-5192 [SQLi] Sphider
- CVE-2014-5337 [Information] The WordPress Mobile Pack plugin before 2.0.2 for WordPress
- CVE-2014-5343 [XSS] Attack in Feng Office
- CVE-2014-5344 [XSS] Mobiloud plugin before 2.3.8 for WordPress
- CVE-2014-5345 [XSS] Possible XSS Attack in Disqus Comment System plugin before 2.76 for WordPress
- CVE-2014-5347 [CSRF/XSS] Disqus Comment System plugin before 2.76 for WordPress
- CVE-2014-5368 [Dir.Traversal] WP Content Source Control plugin 3.0.0 and earlier for WordPress
- Possible Shell Upload Vulnerability in extplorer plugin for Joomla!
- Blocking execution of an uloaded shell in Joomla!
Rules for Apache: version 1.28 - 2015.04.09
- New rules organisation scheme
- CVE-2014-4543 - XSS in the Pay Per Media Player plugin 1.24 and earlier for WordPress
- CVE-2014-4546 - XSS in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress
- CVE-2014-4572 - XSS in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress
- CVE-2014-4580 - XSS in the WP BlipBot plugin 3.0.9 and earlier for WordPress
- CVE-2014-4588 - XSS in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress
- CVE-2012-4768 - XSS in the Download Monitor plugin before 3.3.5.9 for WordPress
- CVE-2014-6445 - XSS in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress
- CVE-2014-7152 - XSS in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress
- CVE-2014-7153 - SQL injection in the Huge-IT Image Gallery plugin 1.0.1 for WordPress
- CVE-2014-10021 - Shell Upload Vulnerability WP Symposium plugin 14.11 for WordPress
- Shell Upload Vulnerability in extplorer for Joomla
- Updated list of malware and phishing domains
- Few false positives removed
2015.04.22
Rules for Apache: version 1.31
Rules for LiteSpeed: version 1.25
Rules for Nginx: version 1.04
- CVE-2014-4570 - Multiple XSS vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress
- CVE-2014-4569 - XSS in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress
- CVE-2014-4545 - Multiple XSS vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress
- CVE-2014-4540 - XSS vulnerability in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress
- CVE-2014-4599 - Multiple XSS vulnerabilities in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress
- CVE-2014-4590 - XSS vulnerability in the WP Microblogs plugin 0.4.0 and earlier for WordPress
- CVE-2014-4579 - XSS vulnerability in the Appointments Scheduler plugin 1.5 and earlier for WordPress
- CVE-2014-4573 - Multiple XSS vulnerabilities in the Walk Score plugin 0.5.5 and earlier for WordPress
- CVE-2014-4576 - XSS vulnerability in the WordPress Social Login plugin 2.0.3 and earlier for WordPress
- CVE-2014-4578 - XSS vulnerability in the WP App Maker plugin 1.0.16.4 and earlier for WordPress
- CVE-2012-5700 - Multiple XSS vulnerabilities in Baby Gekko before 1.2.2f
- CVE-2012-6659 - XSS vulnerability in the admin interface in Phorum before 5.2.19
- CVE-2014-5017 - SQL injection vulnerability in LimeSurvey 2.05+ Build 140618
- CVE-2014-5016 - Multiple XSS vulnerabilities in LimeSurvey 2.05+ Build 140618
- CVE-2014-5018 - XSS vulnerability in LimeSurvey 2.05+ Build 140618
- CVE-2010-5302 / CVE-2010-5303 / CVE-2009-5142 - XSS vulnerability in TimThumb 1.09 and earlier
- CVE-2014-6619 - Multiple XSS vulnerabilities in Restaurant Script (PizzaInn_Project) 1.0.0
- CVE-2014-5259 - XSS vulnerability in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3
- CVE-2014-5111 - Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files
- CVE-2014-5109 / CVE-2014-5110 - SQL injection and XSS vulnerabilities in Fonality trixbox
- CVE-2014-5112 - Fonality trixbox allows remote attackers to execute arbitrary commands
- Updated list of malware and phishing domains
2015.04.28
Rules for Apache: version 1.32
Rules for LiteSpeed: version 1.26
Rules for Nginx: version 1.05
- CVE-2014-4521 / CVE-2014-4522 - Multiple XSS vulnerabilities in the dsIDXpress IDX plugin before 2.1.1 and WordPress Edition plugin 1.0-beta10 and earlier for WordPress
- CVE-2014-4516 - XSS vulnerability in the BIC Media Widget plugin 1.0 and earlier for WordPress
- CVE-2014-4597 - XSS vulnerability in in the WP Social Invitations plugin before 1.4.4.3 for WordPress
- CVE-2014-4571 - Multiple XSS vulnerabilities in the VN-Calendar plugin 1.0 and earlier for WordPress
- CVE-2014-4603 - Multiple XSS vulnerabilities in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress
- CVE-2014-4735 - XSS vulnerability in MyWebSQL 3.4 and earlier
- CVE-2014-1879 - XSS vulnerability in phpMyAdmin before 4.1.7
- CVE-2012-1506 - SQL injection vulnerability in OrangeHRM before 2.7
- Updated list of malware and phishing domains
- Removed SecServerSignature from ruleset